Sr. IT Security Analyst

Ontario 407

$115K — $140K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of IT Security experience with hands-on Security Operations expertise.
  • Diploma or Degree in Computer Science, Engineering, or similar field.
  • Experience with EDR platforms for containment and investigation.
  • Proficiency in NDR technologies for network-based threat detection.
  • Solid grasp of attack techniques and defenses, particularly MITRE ATT&CK.
  • Experience in regulated or audit-driven environments.
  • Hands-on IAM security operations experience, including identity monitoring.

Responsibilities

  • Manage the enterprise vulnerability management lifecycle from discovery to remediation tracking.
  • Correlate vulnerability data to prioritize risks and track SLAs.
  • Lead incident response for security incidents and provide deep technical analysis.
  • Analyze alerts from EDR, NDR, and SIEM platforms to investigate security threats.
  • Maintain and update incident response playbooks and coordination procedures.
  • Perform proactive threat hunting and enhance detection capabilities.
  • Support IAM operational security and monitor for identity-based threats.

Benefits

  • Opportunities for career development and mentorship.
  • Support for ongoing professional training and certifications.
  • A collaborative work environment with cross-functional team interactions.

Full Job Description

Title: Sr. IT Security Analyst

Department: Information Technology

Location: 6300 Steeles Ave West, Woodbridge

Total Potential Compensation: $115,000-$140,000

Position Summary:

The Senior Security Analyst – Security Operations is responsible for operating, maturing, and continuously improving core cyber defense and detection capabilities across the enterprise. This role has a strong focus on Vulnerability Management, Endpoint Detection & Response (EDR), Network Detection & Response (NDR), and day-to-day Security Operations.

The incumbent will act as a senior technical resource within the SOC, providing advanced analysis, threat-driven prioritization, and operational leadership across security monitoring, incident response, vulnerability remediation, and control effectiveness measurement. The role directly contributes to improving the organization's cyber risk posture, with measurable outcomes reflected in Security Risk Index (SRI) and other governance metrics aligned to NIST and ISO frameworks.

After-hours support and on-call duties may be required for high-severity security incidents.

Position Responsibilities:

Vulnerability Management

  • Own and operate the enterprise vulnerability management lifecycle, including discovery, assessment, prioritization, remediation tracking, and risk acceptance

  • Correlate vulnerability data with asset criticality, exploitability, threat intelligence, and exposure to drive risk-based remediation

  • Track remediation SLAs and escalate overdue or accepted risks through appropriate governance channels

  • Support internal and external audit evidence for vulnerability management controls

  • Contribute vulnerability metrics to executive and risk committee reporting (e.g., SRI/NSRI)

Security Operations & Incident Response

  • Act as a senior escalation point for security incidents, providing deep technical analysis, containment guidance, and remediation recommendations

  • Lead investigation of alerts generated by EDR, NDR, SIEM, and security analytics platforms

  • Coordinate incident response activities across IT Infrastructure, Network, Cloud, and Application teams

  • Develop and maintain incident response playbooks, runbooks, and escalation procedures

  • Support post-incident reviews, root cause analysis, and lessons learned tracking

Endpoint Detection & Response (EDR)

  • Operate and tune EDR platforms to improve detection fidelity, reduce false positives, and enhance response effectiveness

  • Analyze endpoint telemetry for indicators of compromise (IOC), anomalous behavior, and threat actor activity

  • Support endpoint containment actions such as process isolation, host quarantine, and forensic data collection

  • Partner with IT Operations to ensure EDR coverage, health, and policy compliance across endpoints

Network Detection & Response (NDR)

  • Operate and maintain NDR capabilities, including alert triage, investigation, and threat hunting

  • Analyze network traffic, metadata, and behavior-based detections to identify lateral movement, command-and-control activity, and policy violations

  • Collaborate with Network teams to validate detections and improve network security controls and segmentation

  • Use NDR telemetry to validate network segmentation effectiveness and control gaps

Threat Detection & Threat Hunting

  • Perform proactive threat hunting using EDR, NDR, SIEM, and log analytics platforms

  • Apply MITRE ATT&CK-aligned techniques to identify stealthy or low-signal threats

  • Integrate external threat intelligence into detection and hunting activities

  • Recommend detection engineering improvements to SOC tooling and analytics

Metrics, Risk & Compliance

  • Define and maintain security operations KPIs and KRIs (incident trends, MTTR, vulnerability aging, control coverage)

  • Contribute to Security Risk Index (SRI) calculations and continuous improvement initiatives

  • Ensure alignment with NIST CSF, ISO 27001/27002, and internal security standards

  • Support audits by providing defensible evidence of control operation and effectiveness

Continuous Improvement & Leadership

  • Mentor junior analysts and provide technical guidance within the SOC

  • Identify opportunities to improve automation, orchestration, and response workflows

  • Participate in security architecture reviews and technology evaluations related to detection and response

  • Contribute to the development of security standards, procedures, and operational playbooks

Identity & Access Management (IAM)

  • Support operational security of IAM platforms (e.g., Active Directory, Azure AD / Entra ID, PAM solutions)

  • Monitor and investigate identity-based threats, including credential misuse, privilege escalation, and anomalous authentication behavior

  • Correlate IAM events with EDR, NDR, and SIEM telemetry during incident investigations

  • Support access reviews, entitlement validation, and privileged access oversight in collaboration with IAM and IT teams.

  • Assist with detection and response use cases related to:

- Compromised accounts.

- Excessive privileges.

- Service account misuse.

- Lateral movement via identity.

  • Contribute to IAM-related risk metrics and control effectiveness reporting (e.g., MFA coverage, privileged account exposure).

  • Support audit evidence for IAM controls aligned to NIST CSF PR.AA, ISO 27001 A.5/A.8, and internal access standards.

Qualifications

  • Minimum 5+ years of experience in IT Security, with strong hands-on experience in Security Operations.

  • College Diploma or University Degree in Computer Science, Engineering, or related field.

  • EDR platforms (e.g., endpoint containment, alert triage, investigation).

  • NDR technologies and network-based threat detection.

  • Security Incident Response and Investigation.

  • Strong understanding of attacker techniques and defensive controls (MITRE ATT&CK).

  • Experience working in regulated or audit-driven environments.

  • Hands-on experience supporting IAM security operations, including identity monitoring and access control validation.

  • Strong understanding of authentication, authorization, MFA, RBAC, and privileged access concepts.

  • Experience analyzing identity logs and alerts within SIEM or security analytics platforms.

Preferred Qualifications

  • Experience with enterprise SOC tooling including SIEM, EDR, NDR, SOAR.

  • Experience operating security controls in hybrid (on-prem and cloud) environments.

  • Familiarity with Security Risk Index (SRI), cyber risk metrics, or risk-based reporting.

  • Knowledge of network architecture and segmentation concepts.

  • One or more of the following certifications:

- CISSP

- CISM

- GCIA / GCED / GCEDR / GCIH

- CompTIA Security+

- SANS Blue Team certifications

We are actively seeking to fill this role as it is a current vacancy.